<?php
    require_once './Tool/DB/SqlDBManager.class.php';
    require_once './Tool/Common/PrepareInput.php';

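    // Back-dates an attendance record for the client whose NRIC was scanned
    // ("barcode" request parameter). Every outcome is reported as a small HTML
    // fragment echoed to the caller; no request data is reflected in it.
    $sqlDBManager = new SqlDBManager();

    // Reject missing or non-string input up front so an array-valued
    // "barcode" parameter never reaches prepareInput() or the queries.
    $rawBarcode = (isset($_REQUEST['barcode']) && is_string($_REQUEST['barcode']))
        ? $_REQUEST['barcode']
        : '';
    $NRIC = prepareInput($rawBarcode);

    // Exactly nine alphanumeric characters. \z (instead of $) also refuses a
    // value that ends in a newline. Stop here on failure: the original printed
    // the error but still went on to query and insert with the invalid value.
    if (!is_string($NRIC) || !preg_match('/^[0-9A-Za-z]{9}\z/', $NRIC)) {
        echo "<font color='red'>Invalid NRIC!</font>";
        return; // at file scope this ends the script (or returns to the includer)
    }

    // NOTE(review): no session_start() is visible in this file; it is assumed
    // that an included file or the including page has already started the session.
    $Username = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
    $userCenterName = isset($_SESSION['centreName']) ? (string) $_SESSION['centreName'] : '';
    $userType = isset($_SESSION['userType']) ? (string) $_SESSION['userType'] : '';

    // Fail closed without a signed-in user. Otherwise the request would take
    // the non-manager path below and write a record with an empty AuditSignIn.
    if ($Username === '') {
        echo "<font color='red'>Session expired. Please log in again.</font>";
        return;
    }

    if (!empty($_SESSION['selectedBackDate'])) {
        $date = prepareInput($_SESSION['selectedBackDate']);
    } else {
        $date = date('Y-m-d', time());
    }

    // Centre the client is registered with; stays '' when the NRIC is unknown.
    $centreName = '';
    $sql = "Select CentreName from centre where CentreId = (SELECT client.CentreId from centre, client WHERE client.NRIC = ? AND centre.CentreId = client.CentreId)";
    $centreRow = $sqlDBManager->queryRow($sql, array($NRIC));
    if (!empty($centreRow)) {
        $centreName = (string) $centreRow[0];
    }

    // Centre managers may only back-date for clients of their own centre.
    // The strict comparison plus the empty-name check means an unknown client
    // can never match a session that happens to carry no centre name.
    if ($userType === 'Centre Manager'
        && ($centreName === '' || $centreName !== $userCenterName)) {
        echo "<font color='red'>The elderly does not belong to this centre.</font>";
        return;
    }

    // Refuse when a record for that client already exists on that date.
    $sql = "Select * from attendancerecord where NRIC=? AND DATE(SignInTimeStamp) like ?";
    $existing = $sqlDBManager->queryRows($sql, array($NRIC, "%" . $date . "%"));
    if (!empty($existing)) {
        echo "<font color='red'>Attendance for that elderly has been taken already.</font>";
        return;
    }

    // Back-dated records carry midnight for both sign-in and sign-out.
    $signInTimeStamp = $date . ' 00:00:00';
    $signOutTimeStamp = $date . ' 00:00:00';

    // NOTE(review): as in the original, an NRIC with no client row is still
    // recorded (with an empty CentreId) for non-manager users; confirm intended.
    $sql = "SELECT client.CentreId FROM client WHERE NRIC = ?";
    $clientRow = $sqlDBManager->queryRow($sql, array($NRIC));
    $centreId = !empty($clientRow) ? $clientRow[0] : "";

    // The signed-in user is stored in AuditSignIn as the audit trail.
    $sql = "INSERT INTO attendancerecord (NRIC, CentreId, SignInTimeStamp, SignOutTimeStamp, Status, AuditSignIn) VALUES (?,?,?,?,?,?)";
    $parameters = array($NRIC, $centreId, $signInTimeStamp, $signOutTimeStamp, 'BackDated', $Username);
    $inserted = $sqlDBManager->execute_dml($sql, $parameters);

    if ($inserted) {
        echo "<font color='red'>Back Date successfully.</font>";
    } else {
        echo "<font color='red'>Back date failed due to database error.</font>";
    }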
?>	